NetScaler does Client IP insertion in the HTTP header to ensure transparency for the backend servers.  HTTP is a smarter protocol which supports headers and dynamic insertion with which we can send the end-client IP to backend App. When you want to do the same for TCP based Apps you face several challenges like TCP does not have defined structure for the data in payload. NetScaler cannot insert dynamic header into TCP payload and till release 9.2 NetScaler only supported HTTP based rewrite. To fight similar problems the concept of TCP rewrite was introduced in NetScaler 9.3 release. TCP rewrite helps rewrite data in TCP payload. Thus to make TCP based Apps end-client aware you can insert the client IP into the TCP payload going to the backend TCP App using TCP rewrite.

Let us take a look at how effectively you can do content rewrite and insertion in TCP payload. Note that TCP rewrite and insertion is done for traffic flowing through TCP based vservers.

  • Adding rewrite action act1, which will insert ” From Client: ” string and then the client IP address.
    • add rewrite action act1 INSERT_AFTER ‘CLIENT.TCP.PAYLOAD(5)’ ‘” From Client: “+ CLIENT.IP.SRC’
  • Adding rewrite policy pol1 which evokes act1 action
    • add rewrite policy pol1 TRUE act1
  • Binding pol1 rewrite policy globally
    • bind rewrite global pol1 100 END -type OTHERTCP_REQ_OVERRIDE

As can be seen, a request with “Hello There!” as the TCP Payload has been sent from end-client. As can be seen from the traffic flow diagram, action will insert before the TCP payload the Client IP address after From client: string and send this as the request to the server.

REQUEST (TCP Payload) from client to NetScaler

Hello There!

REQUEST (TCP Payload) from NetScaler to the Server

Hello There! From client: 11.102.58.200


With this, the server can look for the IP address after “ From client: ” string in TCP payload and understand the client IP address.